Groups offer a convenient way to assign identical permissions to multiple users at once. This is useful if your organization includes multiple teams with common access needs.
You can refer to this image as a guide when creating a group.
In this case, the group has been created with viewer access to the VMware Aria Automation for Secure Clouds organization. Any user who is added to the group automatically inherits the same permissions.
You can grant a group access to a project the same way you would for a user. Refer to the Manage users section for more details.
Remember that any assigned organization permissions inherit for all projects, so you only need to assign project access to a group that has no organization permissions or needs more access to a given project than what is already provided by existing organization permissions.
If necessary, you can change permissions for a group after initial setup. For example, you can follow these steps to remove a group's organization viewer role while retaining any project access it has.
From the CSP dashboard, navigate to Identity & Access Management > Active Users.
Search for the group and click the double arrow icon next to the name to expand their role. If you see (Limited) next to the service role, it means the group has project access. If the service role does not have a limited label, then the group has organization access.
Click Edit Roles.
Remove the service role and click Save.